[PATCH v7 00/32] riscv control-flow integrity for usermode
niliqiang
ni_liqiang at 126.com
Sun Dec 8 07:51:41 PST 2024
> How to test this series
> =======================
I recently built a test environment for RISCV control-flow integrity for
usermode using QEMU, referring to the test instructions in the patch.
I found several problems during the test, and I hope you can answer them.
Thank you.
Q1:
The CFI-related macro definition values in
QEMU(branch: qemu-zicfilp_zicfiss_ratified_master_july11) and
Linux(branch: linux-riscv-cfi-vdso_user_cfi_v6.12-rc1) are inconsistent.
For example, the definition value of PR_GET_SHADOW_STACK_STATUS in QEMU
is 71, but the definition value in Linux is 74.
In order to continue the test, I modified the relevant definitions
in the QEMU and GUN source codes with reference to the Linux source code,
so that the cfi-related macro definitions in the QEMU and GUN source codes
are consistent with Linux.
Q2:
When zicfilp=true is added to the QEMU command to enable landing pad,
after cfitests command is executed, a segmentation fault is prompted,
software check exception is raised, and the value of xtval is 2.
According to the comments in the code, when xtval is 2, there are the
following exceptions.
* An indirect branch doesn't land on 4 byte aligned PC or `lpad`
* instruction or `label` value programmed in `lpad` instr doesn't
* match with value setup in `x7`.
Why do these software check exceptions exist? What should I do to further
troubleshoot or resolve these issues?
The software versions I am using are all the versions mentioned in the
test instructions, and the zicfiss test is in line with expectations.
Can you help me with the above two questions, especially the second one?
thank you very much.
More information about the linux-riscv
mailing list